Configuring A Wlan For Both Static And Dynamic Wep; Wpa1 And Wpa2 - Cisco SD2008T-NA Configuration Manual

Configuring WLANs
•
•
•

Configuring a WLAN for Both Static and Dynamic WEP

You can configure up to four WLANs to support static WEP keys, and you can also configure dynamic
WEP on any of these static-WEP WLANs. Follow these guidelines when configuring a WLAN for both
static and dynamic WEP:
•
•

WPA1 and WPA2

Wi-Fi Protected Access (WPA or WPA1) and WPA2 are standards-based security solutions from the
Wi-Fi Alliance that provide data protection and access control for wireless LAN systems. WPA1 is
compatible with the IEEE 802.11i standard but was implemented prior to the standard's ratification;
WPA2 is the Wi-Fi Alliance's implementation of the ratified IEEE 802.11i standard.
Cisco Wireless LAN Controller Configuration Guide
6-8
To disable or enable the 802.1X authentication, use this command:
config wlan security 802.1X {enable | disable} wlan-id
After you enable 802.1X authentication, the controller sends EAP authentication packets between
the wireless client and the authentication server. This command allows all EAP-type packets to be
sent to and from the controller.
If you want to change the 802.1X encryption level for a WLAN, use this command:
config wlan security 802.1X encryption wlan-id [40 | 104 | 128]
Use the 40 option to specify 40/64-bit encryption.
–
Use the 104 option to specify 104/128-bit encryption. (This is the default encryption setting.)
–
Use the 128 option to specify 128/152-bit encryption.
–
If you want to configure Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and
PI21AG) running PEAP-GTC to authenticate to a controller through a one-time password to a token
server, use these commands:
– config advanced eap identity-request-timeout—Configures the EAP identity request timeout
value in seconds. The default setting is 1 second.
– config advanced eap identity-request-retries—Configures the EAP identity request
maximum retries value. The default setting is 20.
config advanced eap request-timeout—Configures the EAP request timeout value in seconds.
–
The default setting is 1 second.
config advanced eap request-retries—Configures the EAP request maximum retries value.
–
The default setting is 2.
show advanced eap—Shows the values that are currently configured for the config advanced
–
eap commands. Information similar to the following appears:
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 2
The static WEP key and the dynamic WEP key must be the same length.
When you configure both static and dynamic WEP as the Layer-2 security policy, no other security
policies can be specified. That is, you cannot configure web authentication. However, when you
configure either the dynamic WEP or the static WEP as the Layer 2 security policy, you can
configure web authentication.
Chapter 6 Configuring WLANsWireless Device Access
OL-1926-06OL-9141-03